Latest GDPR updates and resources


Friday 2nd February 2018

The ICG recently ran a webinar on this topic - to view, click here.

The Information Commissioner's Office has published more information and resources to help companies prepare for GDPR.

They are also working on some 'resources' which will help organisations' efforts to reach their customers and service users about changes brought about by GDPR.  It is not clear what these resources will be, but they are hoping to have them ready by the beginning of March - we will update you on these as they are published.

Other resources include:

  • Chime Insight & Engagement CEO, Crispin Beale, looks at the fundamentals that researchers need to know

  • GDPR Advisor's (Lesley)resource pack designed specificially for market research
  • The extremely useful Future Learn course - which we published last year and which they are now rerunning...
  • Marketing Week 'setting the scene' webinar -  If you register with Marketing Week you can watch the replay
  • Marketing Week webinar tackling the specific topic of legitimate interest 
  • ICO guidance on legitimate Interest
  • Facebook group: It is being run by someone who used to work in Richard Branson's legal team.  It is aimed mainly at online businesses and entrepreneurs, but a lot of the principles apply to companies like ours, as they are small businesses and consultancies.  Suzanne posts a video every day, answers questions on the site and has templates and advice available to purchase
  • GDPR notice from Research Now - see download on the right

Contracts - we are increasingly being asked to review and sign contracts which have been updated with GDPR clauses.  One member kindly shared some recent advice recevied from a lawyer on this issue...

This clause in some form seems to be fairly standard:  ³In the event that a third party makes a claim against xxx (client) which relates to the processing activities of service provider or which relates to a service provider¹s breach of this clause 3, the service provider shall indemnify xxx (Client) in full and on demand in respect of any losses, liabilities, costs or expenses of xxx (client) relating to such third party claim²

Advice from lawyer said:  there are two problems here.  The first is that this potentially makes you liable to xxx (client) in circumstances where  you have not been at fault, e.g. because there was a failure to obtain data subject consent where it was necessary.  The second is that you are not covered yourself if xxx (client) cause you damage.  I would suggest you add words to the end of this clause reading ³The Service Provider shall not be liable to xxx (client) under this clause where the third party¹s claim arose as a result of any failure by xxx (client) to obtain any necessary consent from a data subject, or as a result of any breach by xxx (client) of Data Protection Legislation. Xxx (client) shall also indemnify the Service Provider in full and on demand in respect of any losses, liabilities, costs or expenses of the Service Provider relating to any claim which a third party may make against the Service Provider which arises as a result of any failure by xxx (client) to obtain any necessary consent from a data subject, or as a result of any breach by xxx (client) of Data Protection Legislation.²